
ZipLine Contact Us form phishing campaign

Campaign
Happening score: 36
1 unique source, 1 article

Summary


The ZipLine phishing campaign is actively targeting dozens of organizations by abusing company Contact Us forms to make victims start the conversation, which helps the attackers build trust before delivering a weaponized ZIP file. The operation matters because it blends legitimate-looking business outreach with abandoned or dormant domains and a hidden .lnk payload that can deploy MixShell. The target set spans industrial manufacturers, hardware, semiconductor, consumer goods, biotech, and pharma organizations.


Timeline

  1. 27.08.2025 23:35 · 1 article · 9mo ago

    ZipLine phishing campaign abuses company Contact Us forms

    Initial Disclosure

    ZipLine is a financially motivated phishing campaign that abuses company Contact Us forms to make targeted organizations start the email conversation, then uses long, professional-sounding exchanges before sending a weaponized ZIP file. The ZIP file can contain real PDF and DOCX decoys plus a malicious .lnk shortcut that launches PowerShell and deploys MixShell in memory with persistence. The campaign also uses abandoned or dormant domains registered between 2015 and 2019, and it has already reached dozens of organizations across the industrial manufacturing, hardware, semiconductor, consumer goods, biotech, and pharma sectors.
